1 / 30

Security Trends

Security Trends. This chapter presents the following: Evolution of computing and how it relates to security Different areas that fall under the security umbrella Politics that affect security Introduction of information warfare Examples of security exploits A layered approach to security.

libby-reynolds
Download Presentation

Security Trends

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Trends This chapter presents the following: • Evolution of computing and how it relates to security • Different areas that fall under the security umbrella • Politics that affect security • Introduction of information warfare • Examples of security exploits • A layered approach to security

  2. Evolution of Computing • How Security became an issue? • The era of ‘MAINFRAMES’, roughly 25 years ago: • Connectivity through DUMB TERMINALS and have limited functionality ‘Closed Environment’ • Limited individuals with operating knowledge • Unavailability of point and click utilities • The era of ‘MAINFRAMES’ • Dependence on ‘MAINFRAMES’ grew • Due to limited time and functionality, productivity is low • What is the level of Security Threat then … ??

  3. Evolution of Computing • How Security became an issue? • The era of ‘CLIENT SERVERS’ • Initially limited processing on end-user PC, key processing on server • Later the PC became more efficient, they communicate with Mainframes via Servers (Figure 2.1) • The good things in life often have a darker side!!

  4. Evolution of Computing

  5. Evolution of Computing • How Security became an issue? • The era of ‘CLIENT SERVERS’ • Companies realized that the employees has to be protected from themselves • Need for the layered approach between Individuals, OS and Data • Lovely story, but what does it mean to security? • Computers are tools. Just as a knife can be a useful tool to cut meat and vegetables, it can also be a dangerous tool in the hands of someone with malicious intent. “The level of dependence and the extent of integration that technology has attained in our lives have made security a much more necessary and essential discipline”.

  6. Security Trends “Computer security is a marathon to be run at a consistent and continual pace. It is not a short sprint, and it is not for those who lack dedication or discipline.”

  7. Areas of Security • Security has a wide base that touches on several different areas. • Technology, hardware, people, and procedures are woven together as a security fabric, as illustrated in (Figure 2.2)

  8. Areas of Security

  9. Benign to Scary!! • Computers and networks touch every facet of modern life • Communication • Funds Transfers • Utility Management • Government Services • Military Action / Defense Systems • Technology abused for illegal and malicious activities • Information Warfare?

  10. Benign to Scary!! • In early days,Hackers carryout activities to impress the peers • Now, Hacking for ‘Fun’ is disappeared by Hacking with profit-driven motives • Individuals are hired by organized crime rings for illegal objectives • In many cases, the greatest damage to the organization is of reputation and consumer confidence • Product blueprints, • Financial information, • Business Contracts; etc

  11. Evidence of the Evolution of Hacking • www.cybercrime.gov.pk Some of the attacks that have made some of the headlines: • In July 2009 one of the gadgets that most of us are addicted to, the BlackBerry, was compromised. Hackers sent a piece of code that BlackBerry owners thought was a safe update for the Java code that runs on this device, but instead it was a piece of spyware that allowed the hackers to intercept e-mail and text messages. The “update software” was labeled: “Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality.” This sounds convincing enough. It is probable that many BlackBerry devices have been infected by this malicious code, and it is just laying dormant without the owners knowing about it.

  12. Evidence of the Evolution of Hacking • Another loved gadget is the iPhone. In April 2009 a bug in the software was discovered that allows someone to crash the iPhone software, disconnect from the network that the iPhones use, and potentially execute code remotely on it. The remote code could allow someone to turn on the microphone of the phone and allow it to become a bugging device. As of this writing, this vulnerability is still being studied, but it is a good indicator of what is going on in the world.

  13. How are Nations Affected? • Intelligence agencies use of technology • develop new methods of collecting information on potential foreign enemy movement, • conducting surveillance, and • proving guilt in criminal activities. • Disruption of communication in warfare / or even peace time • Technology guided combat system (e.g. Un-manned Drones) • US Department of Defense (DoD) believes that almost 20 countries have developed cyber war organizations to attack other militaries and civilian targets through the internet.

  14. How are Nations Affected? Evidence of penetration activity: • During the Persian Gulf War in 1991, it was reported that hackers from the Netherlands penetrated 34 American military sites that supported Operation Desert Storm activities. They extracted information about the exact location of military troops, weapon details, and movement of American warships. It could have been a different war if Saddam Hussein had actually bought this information when it was offered to him, but he did not - he thought it was a trick. The future wars of nations would be targeted via these new methods - computer-generated attacks.

  15. How are Companies Affected? • Organizations have trade secrets and intellectual property • Can be stolen by employees who left to work for competitors • External attempts on organization’s databases (i.e. Credit Cards No.) • Organizations developing clear policies to protect its intellectual property and reputation • Compliance with privacy and confidentiality regulations: • Electronic Communication Policy (ECP) • Health Insurance Portability and Accountability Act (HIPPA) • Public Records Act (PRA) • Information Practices Act (IPA) • Sarbanes-Oxley Act of 2002; etc

  16. How are Companies Affected? • More and more responsibilities on top management CEOs and CFOs • Insurance option for natural disaster or a major security breach A company wants to be in a position where all the customers come to it when another company suffers a security compromise, not the other way around.

  17. The Government’s Action • Departments under the sponsorship of FBI • Critical Infrastructure Assurance Office (CIAO) under the Department of Commerce, • Information Sharing and Analysis Centers (ISACs), • National Infrastructure Protection Center (NIPC) • In 2002, President Bush created the Department of Homeland Security (DHS) • Prevention of Electronic Crimes Ordinance, 2007 • Updated in 2008.

  18. Politics and Laws • Trans-border issues pertaining to Cryptography • What can be encrypted, at what strength and by whom • ‘Common Criteria’ for Security Evaluation • Difficult for jury, investigators and Law enforcement agencies as they are not educated in these types of crimes. • Authorities face hard time in: • Collection of evidences for computer crimes • how to dump data from memory into a file, • recover data from formatted drive, etc • prevent data corruption • preserves data integrity • Crime-fighting agencies are increasing personnel with skills in technology and security in many parts of these organizations.

  19. So What does this all means to US??? • As our dependence on technology grows, so should our protective measures.

  20. Hacking and Attacking • Hacking, Cracking and Attacking • Hackers were initially considered the IT Geeks, • Now, the individuals with evil / destructive goals. • Availability of easy to use tools and utilities for hacking • GUI based vulnerability scanning tools • Tools working in ‘Quiet’ mode not detected by IDS • Require very limited knowledge to attack • Satisfy their curiosity and / or destructive goals • Considered as a challenge for computing and security professionals to continuously improve the quality of products and services

  21. Management • Historically, management focus is towards ‘Financial Gain’, ‘Growth’; etc and not much about ‘Firewalls’, ‘Hackers’ & ‘Security Breaches’. • A common ‘Perception’ is that IT department is responsible for security. Why???? • Is it a technical issue?? • Lack of understanding about information and enterprise security • Information security is a management issue that may require technical solutions. • It is management’s responsibility to set the tone for what role security will play in the organization. “Good security does not begin and end with erecting a firewall and installing antivirus software. Good security is planned, designed, implemented, and maintained, and is capable of evolving”

  22. A Layered Approach • What is meant by a “Layer Approach” (or Defense in Depth Approach)? • To protect an environment, you must truly understand the environment, the fixes to be applied, the differences among the numerous vendor applications and hardware variations, and how attacks are actually performed. • Running antivirus software only on workstations is not a layered approach in battling viruses. Running antivirus software on each workstation, file server, and mail server and applying content filtering via a proxy server is considered a layered approach toward combating viruses. • How is file access protection provided in a layered approach?

  23. A Layered Approach • To properly protect file access, the administrator must do the following: • Configure application, file, and Registry access control lists (ACLs) to provide more granularity to users’ and groups’ file permissions. • Configure the system default user rights (in a Windows environment) to give certain types of users certain types of rights. • Consider the physical security of the environment and the computers, and apply restraints where required. • Draft and enforce a strict logon credential policy so that not all users are logging on as the same user. • Implement monitoring and auditing of file access and actions to identify any suspicious activity.

  24. An Architectural View • This applies to the various protocols, applications, hardware, and security mechanisms that work at one or more of the seven layers of the OSI model. • IP spoofing is an attack at the network layer, • ARP attacks happen at the data link layer, • Traffic sniffing occurs at several layers, • Viruses enter through the application layer. • To deploy a firewall with strict password rules is sufficient to secure an environment? “To look at the flow of data in and out of a network and how the applications and devices work together is an architectural view, versus a device or application view”.

  25. An Architectural View • Each individual security component could be doing its job by protecting its piece of the network, but the security function may be lost when it is time to interrelate or communicate with another security component.

  26. A Layer Missed A network that has a firewall with packet filtering, a proxy server with content filtering, its public and private DNS records clearly separated, SSL for Internet users, IPSec for VPN connections, and public key infrastructure (PKI), as well as restricted service and port configuration, may seem like a fortified environment, and a network administrator most likely implemented these mechanisms with the best intentions.

  27. A Layer Missed A network that has a firewall with packet filtering, a proxy server with content filtering, its public and private DNS records clearly separated, SSL for Internet users, IPSec for VPN connections, and public key infrastructure (PKI), as well as restricted service and port configuration, may seem like a fortified environment, and a network administrator most likely implemented these mechanisms with the best intentions. • Without a scanning device that probes the environment on a scheduled basis or an IDS that looks out for suspicious activity, the environment could be vulnerable even after the company has spent thousands of dollars to protect it.

  28. Education • For a security specialist, one must have the interest and discipline to teach the security issues, go to seminars and conferences all over the world, read stacks of books, and have a wide range of experience in different environments. • Security should not be looked upon as an extra component or an option to be added later. It should be interwoven into the code as a program is being developed, and interwoven into the education of our new professionals.

  29. End of Chapter 1 • Thank You

More Related